<?php
/**
 * Smarty plugin
 * @package Smarty
 * @subpackage plugins
 */

/**
 * determines if a resource is secure or not.
 *
 * @param string $resource_type
 * @param string $resource_name
 * @return boolean
 */

//  $resource_type, $resource_name

function smarty_core_is_secure($params, &$smarty)
{
	if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
		return true;
	}

	if ($params['resource_type'] == 'file') {
		$_rp = realpath($params['resource_name']);
		if (isset($params['resource_base_path'])) {
			foreach ((array)$params['resource_base_path'] as $curr_dir) {
				if ( ($_cd = realpath($curr_dir)) !== false &&
				strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
				substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
					return true;
				}
			}
		}
		if (!empty($smarty->secure_dir)) {
			foreach ((array)$smarty->secure_dir as $curr_dir) {
				if ( ($_cd = realpath($curr_dir)) !== false) {
					if($_cd == $_rp) {
						return true;
					} elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
					substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
						return true;
					}
				}
			}
		}
	} else {
		// resource is not on local file system
		return call_user_func_array(
		$smarty->_plugins['resource'][$params['resource_type']][0][2],
		array($params['resource_name'], &$smarty));
	}

	return false;
}

/* vim: set expandtab: */

?>
